BIND 9.7 Serial Number Decrease Problem

Barry Finkel bsfinkel at anl.gov
Mon Jun 20 15:49:31 UTC 2011


Barry Finkel wrote:
>> I ran a test this morning on one of the Solaris 10 slave servers.
>> A query to the server showed serial numbers:
>>
>>      _tcp   1238
>>      _udp    842
>>
>> Both of these match the zone on the MS Windows DNS Server.
>> I checked the zone files on the slave server:
>>
>>      _tcp   1239
>>      _udp    843
>>
>> Both of these are increased by one from what BIND returns in
>> response to a query.
>>
>> The two zones have NO .jnl files.
>>
>> I did
>>
>>      ./rndc stop
>>      <<Wait for the "exiting" message.>>
>>      /etc/init.d/named.anl start;tail -f /var/adm/messages
>>
>> Once BIND started, the serial numbers were INCREASED, as I
>> expected they would be, given the lack of .jnl files.
>>
>> And a few minutes later BIND complained about the serial
>> number on the master being less than that on the slave
>> for both zones.  I consider this a bug in BIND 9.
>> What further diagnostics do I need to get?
>>
>> I have another Solaris 10 slave on which, I assume, I can
>> duplicate this.  And from past experience, in one day, after
>> the zone has expired and been refreshed, I will be in the same
>> state on this slave.


John Wobus <jw354 at cornell.edu> replied:
>Do bind slave instnces EVER make up or increment serial
>numbers?  This just seems like such an unlikely bug
>that bind would start doing that.  Could it be that
>the supposed slave instance is accepting dynamic updates?
>
>I'd be tracing/tracking SOA files on the master, and communications
>between the dns instances very closely before I'd even
>give such a potential bug much thought. Perhaps there are
>bind functions that I'm not aware of and I'm wrong.
>
>John


I have an open trouble ticket #24831 with bind9-bugs.  With all of the
AD zones, the _msdcs and _sites zones get more frequent serial number
updates than do the _tcp and _udp zones.  In my case, with the
_tcp and _udp zones in question (from a 06:15 daily cron that checks
serial numbers):

      _tcp
           18 Oct 2010  1232 --> 1233
           21 Oct 2010  1233 --> 1239
           10 Nov 2010  1239 --> 1238   (decrease on master)

      _udp
           20 Oct 2010   838 -->  843
           10 Nov 2010   843 -->  842   (decrease on master)

The zone has a lifetime of 24H, so after one day, the zone
expires on the BIND slave servers and is re-transferred
from the master.  At that time I expect that the serial
number on the slave will be the same as that on the master.
The serial numbers have not changed on these
two zones since the decrease on Nov 09 (based on 06:15 Nov 10
queries).  On the slaves, the zones have serial numbers 1239
and 843, and there are no .jnl files for these zones.
There are, however, lots of .jnl files for other AD zones.
I slave 51 AD zones from the MS DNS Server master.
-- 
----------------------------------------------------------------------
Barry S. Finkel
Computing and Information Systems Division
Argonne National Laboratory          Phone:    +1 (630) 252-7277
9700 South Cass Avenue               Facsimile:+1 (630) 252-4601
Building 240, Room 5.B.8             Internet: BSFinkel at anl.gov
Argonne, IL   60439-4828             IBMMAIL:  I1004994



More information about the bind-users mailing list